From 6113749c21c5188ad94d5e578fd3146333c05883 Mon Sep 17 00:00:00 2001
From: Luuk Paulussen <luuk.paulussen@alliedtelesis.co.nz>
Date: Fri, 19 Mar 2021 08:59:19 +1300
Subject: conntrack: Don't use ICMP attrs in decision to build repl tuple

conntrack-tools doesn't set the REPL attributes by default for updates,
so for ICMP flows, the update won't be sent as building the repl tuple
will fail.

Signed-off-by: Luuk Paulussen <luuk.paulussen@alliedtelesis.co.nz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/build_mnl.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'src/conntrack')

diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
index d9ad268..0067a1c 100644
--- a/src/conntrack/build_mnl.c
+++ b/src/conntrack/build_mnl.c
@@ -496,10 +496,7 @@ nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 	    test_bit(ATTR_REPL_PORT_DST, ct->head.set) ||
 	    test_bit(ATTR_REPL_L3PROTO, ct->head.set) ||
 	    test_bit(ATTR_REPL_L4PROTO, ct->head.set) ||
-	    test_bit(ATTR_REPL_ZONE, ct->head.set) ||
-	    test_bit(ATTR_ICMP_TYPE, ct->head.set) ||
-	    test_bit(ATTR_ICMP_CODE, ct->head.set) ||
-	    test_bit(ATTR_ICMP_ID, ct->head.set)) {
+	    test_bit(ATTR_REPL_ZONE, ct->head.set)) {
 		const struct __nfct_tuple *t = &ct->repl;
 		struct nlattr *nest;
 
-- 
cgit v1.2.3